WikiScanner Creator Releases New Tools to Uncover Anonymous Edits


Virgil Griffith, creator of the popular WikiScanner that exposed edits that Diebold and CIA employees were making to Wikipedia pages, is releasing a suite of new tools at the HOPE (Hackers on Planet Earth) conference in New York today.

One of the tools is an update to WikiScanner that will help people identify interesting edits more quickly; the other tool is new and is designed to uncover Wiki wars that occur between opposing factions – such as dueling edits between Israel and Iran factions over the Holocaust.

WikiScanner, which made headlines when Griffith debuted it last year and even landed him on the Colbert Report, allows users to automatically track anonymous edits that people make to Wikipedia entries and trace them to their source. It does so by taking the IP address of the anonymous person who made the Wikipedia changes and identifying who owns the computer network from which the person made the edits.

The tool exposed how insiders at Diebold Election Systems, Exxon, the Central Intelligence Agency and other companies and organizations were surreptitiously deleting or changing information that was unflattering to them or contradicted the company line.

One of the scanner's flaws, however, was that it required quite a bit of sifting through lots of edits to uncover the really interesting changes that an organization insider made – changes, for example, that might represent a conflict of interest (such as a Diebold insider deleting information from a Wikipedia entry that was critical of its voting machines).

So Griffith has upgraded the Scanner to collect not only edits that an insider makes to a company's main Wikipedia entry but to automatically flag as interesting any edits that an insider makes to any Wikipedia pages about products for which the company holds a trademark – changes that could be considered a conflict of interest. It will also flag edits made to any pages that link to the company's main Wikipedia page (for example, the Wikipedia page on .NET Framework links to the Wikipedia entry on Microsoft). The tool makes use of the trademark database from the U.S. Patent and Trademark Office to determine what trademarks a company holds.

"It's flagging edits anywhere in the constellation of pages that are related to (the organization)," he says. "So now if you're short on time you can say, hey, show me the interesting stuff that happened yesterday . . . where interesting (is defined as) things that are likely conflict-of-interest edits."

He's also upgraded the scanner to uncover insiders who try to hide from the tool by making changes from a computer outside of their organization's network. He's done this by exploiting a bug in Wikipedia (which has been fixed since he wrote the tool). The Wikipedia bug involved a glitch in the system that sometimes exposed the IP address of Wikipedia's registered account holders if they took too long to edit a discussion page on Wikipedia while logged in. What would happen is the session would time out and would submit the account holder's change with his or her IP address instead of the username, as it was supposed to do.

Griffith says that generally when this happened, the user would quickly log back into the account and replace the published IP address with a user name to retain his or her anonymity. But in doing so, they actually exposed themselves in a more damning way that could be tracked.

"It means you can troll all of Wikipedia looking for any cases where an IP address was removed and a user name was added and have a connection between an IP address and a user name from a single edit," he says.

Which is exactly what Griffith did. He mined Wikipedia for all the cases in which this occurred and now has the IP address for about 10,000 of Wikipedia's registered account holders. What this means, of course, is that any user who has ever had their registered Wikipedia account time out on them in this way will now have their IP address exposed and connected to their user name.
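The session-timeout behaviour described above comes down to a save handler that silently falls back to the client's IP address when a login has expired. The following added example is a simplified model of that fallback beside a stricter handler; it is not MediaWiki's code or Griffith's, and the function names, the 30-minute timeout and the sample values are assumptions.

```python
SESSION_TTL = 1800  # seconds; constructed value, not Wikipedia's real timeout


class SessionExpired(Exception):
    """Raised so the client must log in again before the edit is published."""


def session_valid(session, now):
    # A session is usable only if it exists and was seen within the TTL.
    return session is not None and now - session["last_seen"] < SESSION_TTL


def render_edit_form(session, now):
    # Record who the form was issued to, so the save step can compare.
    # In a real application this value would be signed or kept server-side.
    user = session["user"] if session_valid(session, now) else None
    return {"issued_to": user}


def save_edit_fallback(form, session, client_ip, text, now):
    """Behaviour the article describes: an expired login is saved under the IP."""
    # 'form' is ignored here; that is the flaw being modelled.
    author = session["user"] if session_valid(session, now) else client_ip
    return {"author": author, "text": text}


def save_edit_strict(form, session, client_ip, text, now):
    """Hardened: a form issued to a logged-in user is never saved anonymously."""
    if form["issued_to"] is not None and not session_valid(session, now):
        raise SessionExpired("log in again to publish this edit")
    author = session["user"] if session_valid(session, now) else client_ip
    return {"author": author, "text": text}


if __name__ == "__main__":
    # Constructed sample: form opened at t=10, submitted after the timeout.
    sess = {"user": "ExampleUser", "last_seen": 0}
    form = render_edit_form(sess, now=10)
    print(save_edit_fallback(form, sess, "192.0.2.10", "comment", now=4000))
    try:
        save_edit_strict(form, sess, "192.0.2.10", "comment", now=4000)
    except SessionExpired as exc:
        print("rejected:", exc)
```

With the strict handler the IP address never reaches the public edit history, so there is no later replacement of an IP address by a user name to correlate.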

Griffith hasn't sifted through them yet to examine what edits these account holders made but says Wikipedia founder Jimmy Wales is on the list, as well as most of the Wikipedia administrators.

He's also put together a page, which he's calling SockPuppetry, that matches all the user names that are associated with a particular IP address or range. This can help determine, for example, all of the user names that insiders from Diebold IP addresses are using or expose one user at a single IP address who may be making a lot of changes under different user names.

In addition to the Scanner upgrades, Griffith is releasing WikiGanda, a tool designed to uncover edit wars between two factions. (The name is a take on propaganda.) Griffith says the idea for it came from a documentary he saw that referred to Wikipedia as an "information war zone" where different factions competed to control information.

"There have been cases where neo-Nazis tried to edit all of the Holocaust pages to minimize the Holocaust, but typically the battle doesn't go on for more than a few days and one side clearly wins," Griffith says. "For example, the neo-Nazis are quickly outnumbered by the other Wikipedia editors and it lasts for maybe a few days."

But he wanted to see if other groups were engaging in prolonged warfare that hadn't been uncovered – for example, Microsoft employees against Google or Yahoo employees. WikiGanda allows you to put groups into opposing teams and examine pages to determine if the sides are fighting an information war in the edits.

He hasn't had time to play with the tool extensively but hopes others will use it to uncover skirmishes between companies and countries.

The last item Griffith is releasing is called BeaverScope and is essentially his contribution to the prank wars between Caltech, where Griffith is a grad student, and its rival MIT. (MIT's mascot is a beaver.)

A year ago Griffith stumbled on a little treasure – a list of all the IP addresses allotted to buildings on MIT's campus, which drills all the way down to all the IP addresses assigned to individual labs. Using the info, someone can track Wikipedia edits directly to the specific MIT lab where they originated.

"So instead of it saying this edit came from the MIT campus, it says this edit came from Matt Wilson's lab at MIT campus," he says. "You can get it pretty darn precise. You have the time, the user name and what they edited. So the hope is that there are things there that will be embarrassing and people in the MIT community will know exactly who it is. And that will be very funny."

All of the tools and documents will be available at Griffith's WikiWatcher site in about two weeks. A third tool will also be released at that time, though Griffith isn't prepared to discuss it yet.